A work in progress. Use at your own risk.
A Kong plugin for signing incoming requests with Amazon Web Services (AWS) authentication headers v4.
This plugin is based on Kong's aws-lambda plugin, and the kong-plugin boilerplate. It was developed using docker-kong-dev, an unofficial Docker image (tooling) for Kong testing, and development.
It can be used for proxying requests to an upstream AWS API / service (e.g. ElasticSearch). In doing so, you can send HTTP requests without using bespoke proxies, AWS SDKs or external libraries to sign your requests. You can instead rely on widely supported authentication methods (e.g. basic auth, token auth, etc) via Kong plugins.
It is not currently published in luarocks, so it will have to be built / packaged manually. Otherwise, use the pre-installed / loaded version of Kong.
Instead of docker pull kong, use:
docker pull mrsaints/kong-aws
| Field | Type | Description |
|---|---|---|
aws_region |
string |
The region the service resides in, e.g. us-east-1. |
aws_service |
string |
The service namespace that identifies the AWS product (for example, Amazon S3, IAM, or Amazon RDS). For a list of namespaces, see AWS Service Namespaces. |
aws_key |
string |
The AWS key credential to be used when signing a request. |
aws_secret |
string |
The AWS secret credential to be used when signing a request. |
timestamp |
timestamp |
(Optional) This is used for signing a request with the current datetime. It is mostly used for testing, so leave this alone unless you know what you are doing. |
If your aws_key or aws_secret contains special characters, ensure that they are URL percent encoded (e.g. + -> %2B).